17 matches found
CVE-2025-41089
Reflected Cross-Site Scripting XSS in Xibo CMS v4.1.2 from Xibo Signage, due to a lack of proper validation of user input. To exploit the vulnerability, the attacker must create a template in the 'Templates' section, then add an element that has the 'Configuration Name' field, such as the 'Clock'...
CVE-2025-41089
Reflected Cross-Site Scripting XSS in Xibo CMS v4.1.2 from Xibo Signage, due to a lack of proper validation of user input. To exploit the vulnerability, the attacker must create a template in the 'Templates' section, then add an element that has the 'Configuration Name' field, such as the 'Clock'...
CVE-2025-41089 Reflected Cross-Site Scripting (XSS) in CMS
Reflected Cross-Site Scripting XSS in Xibo CMS v4.1.2 from Xibo Signage, due to a lack of proper validation of user input. To exploit the vulnerability, the attacker must create a template in the 'Templates' section, then add an element that has the 'Configuration Name' field, such as the 'Clock'...
CVE-2025-41089 Reflected Cross-Site Scripting (XSS) in CMS
Reflected Cross-Site Scripting XSS in Xibo CMS v4.1.2 from Xibo Signage, due to a lack of proper validation of user input. To exploit the vulnerability, the attacker must create a template in the 'Templates' section, then add an element that has the 'Configuration Name' field, such as the 'Clock'...
CVE-2025-41089
CVE-2025-41089 affects Xibo CMS v4.1.2. The vulnerability arises from insufficient validation of user input in the Templates section, specifically when an element with a Configuration Name field (e.g., Clock widget) is modified after creation. The root cause is lack of proper input validation, en...
EUVD-2025-33693
Reflected Cross-Site Scripting XSS in Xibo CMS v4.1.2 from Xibo Signage, due to a lack of proper validation of user input. To exploit the vulnerability, the attacker must create a template in the 'Templates' section, then add an element that has the 'Configuration Name' field, such as the 'Clock'...
PLANET FW-WGS-804HPT 安全漏洞
Planet FW-WGS-804HPT is a wall mounted managed switch from China PLANET. The Planet FW-WGS-804HPT suffers from a buffer overflow vulnerability that originates from the stpconfname parameter in the webstpglobalSettingpost function failing to correctly validate the length and size of the input data...
CVE-2024-6344
A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attac...
CVE-2024-6344 ZKTeco ZKBio CVSecurity V5000 Push Configuration Section cross site scripting
A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attac...
CVE-2024-6344 ZKTeco ZKBio CVSecurity V5000 Push Configuration Section cross site scripting
A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attac...
ZKTeco ZKBio CVSecurity V5000 Code Injection Vulnerability
ZKTeco ZKBio CVSecurity is a series of biometric solutions from the Chinese company ZKTeco. A code injection vulnerability exists in ZKTeco ZKBio CVSecurity V5000 version 4.1.0, which stems from the manipulation of the parameter Configuration Name can lead to cross-site scripting...
Cross Site Scripting (XSS)
org.opencrx: opencrx-core-models is vulnerable to HTML Injection. The vulnerability is due to a lack of proper input sanitization in the Product Configuration Name Field. This allows an attacker to inject malicious HTML into the application...
Cross-site Scripting in OpenCRX
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field...
Design/Logic Flaw
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field...
CVE-2023-40817
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field...
OpenCRX Security Vulnerabilities
openCRX is an open source Crm software. A security vulnerability exists in OpenCRX version 5.2.0, which originated from a vulnerability that allows attackers to perform HTML injection attacks via the Product Configuration Name field...
CVE-2023-40817
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field...